SAP-C02 · Question #677
SAP-C02 Question #677: Real Exam Question with Answer & Explanation
The correct answer is A: Enable the new Regions in all relevant accounts. Specify the CAPABILITY_NAMED_IAM. Some stack templates might include resources that can affect permissions in your AWS account; for example, by creating new AWS Identity and Access Management (IAM) users. For those stacks, you must explicitly acknowledge this by specifying one of these capabilities. https://docs.
Question
A solutions architect is preparing to deploy a new security tool into several previously unused AWS Regions. The solutions architect will deploy the tool by using an AWS CloudFormation stack set. The stack set's template contains an IAM role that has a custom name. Upon creation of the stack set, no stack instances are created successfully. What should the solutions architect do to deploy the stacks successfully?
Options
- AEnable the new Regions in all relevant accounts. Specify the CAPABILITY_NAMED_IAM
- BUse the Service Quotas console to request a quota increase for the number of CloudFormation
- CSpecify the CAPABILITY_NAMED_IAM capability and the SELF_MANAGED permissions model
- DSpecify an administration role ARN and the CAPABILITY_IAM capability during the creation of
Explanation
Some stack templates might include resources that can affect permissions in your AWS account; for example, by creating new AWS Identity and Access Management (IAM) users. For those stacks, you must explicitly acknowledge this by specifying one of these capabilities. https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_CreateStack.html
Community Discussion
No community discussion yet for this question.